Privacy Policy

INTRODUCTION

Trace Meal places fundamental importance on protecting the personal data of its users.

This Privacy Policy describes how Trace Meal collects, uses, stores, and protects personal data in the context of using the Trace Meal mobile application (hereinafter "the Application").

This policy complies with the General Data Protection Regulation (GDPR - EU Regulation 2016/679), the French Data Protection Act, and the California Consumer Privacy Act (CCPA).

1. DATA CONTROLLER IDENTITY

The data controller is:

Jeremy Dumesny
Sole proprietor (micro-entrepreneur)
SIREN: 104302872
SIRET: 10430287200015
Address: 103 Avenue Isola Bella, Rosella Hightower, 06400 Cannes, France
Email: support.tracemeal@gmail.com

2. DATA COLLECTED

2.1 Data Provided Directly by the User

When creating your account and using the Application, we collect:

Identification data:

• Email address
• First name (optional)
• Apple ID (for "Sign in with Apple" connection)

Nutritional and health data:

• Photographs of meals
• Generated nutritional estimates
• Personalized caloric and macro goals
• Weight and weight evolution (optional)
• Height (optional)
• Gender (optional)
• Date of birth or age (optional)
• Physical activity level (optional)
• Food preferences and restrictions

Application usage data:

• History of logged meals
• Conversations with the AI assistant "Mira"
• Personal preferences and settings

2.2 Automatically Collected Data

When using the Application, we automatically collect:

Technical data:

• Unique device identifier (anonymized)
• iOS operating system version
• Device model
• Language and regional settings
• Crash and performance data

Usage data:

• Application usage frequency
• Features used
• Session duration
• Connection date and time

2.3 Data Received from Third Parties

Apple Inc.: information related to your subscription (status, renewal dates) via the In-App Purchase service.

Apple Health (with your explicit authorization): weight, steps, physical activity, energy expenditure.

3. PURPOSES OF PROCESSING

We use your personal data only for the following purposes:

Service provision:

• Account creation and management
• AI photographic analysis of your meals
• Personalized calculation of your nutritional goals
• Progress tracking
• Personalization of recommendations

Communication:

• Response to your support requests
• Application notifications (which you can disable)
• Information about service evolutions

Service improvement:

• Anonymized usage analysis of the Application
• Bug detection and correction
• Development of new features

Legal obligations:

• Compliance with accounting and tax obligations
• Response to requests from competent authorities

4. LEGAL BASIS FOR PROCESSING

In accordance with GDPR, the processing of your data is based on the following legal grounds:

Contract performance: for the provision of the service you subscribed to (account creation, meal analysis, subscription management).

Explicit consent: for processing of health data (weight, body measurements, weight loss goals), for push notifications, and for Apple Health synchronization.

Legitimate interest: for service improvement, application security, and fraud prevention.

Legal obligation: for compliance with accounting and tax obligations.

5. HEALTH DATA — SPECIFIC PROCESSING

Nutritional, weight, and health data are considered sensitive data within the meaning of Article 9 of GDPR.

Their processing is conditioned on your explicit consent, given during registration and revocable at any time.

This data:

• Is encrypted end-to-end
• Is never shared with third parties for commercial purposes
• Is never sold
• Is securely stored on Firebase (Google) servers in Europe
• Can be deleted upon your request at any time

6. RETENTION PERIOD

Your data is retained for:

During the active life of your account:
All data necessary for service provision.

After account deletion:

• Billing data: 10 years (legal accounting obligation)
• Anonymized technical data: maximum 24 months
• All other data: deleted within 30 days

7. DATA RECIPIENTS

Your data is accessible only to:

The Application Publisher: Jeremy Dumesny and any person acting under his responsibility.

Our subprocessors:

Google Cloud / Firebase (data hosting):

• Location: servers in Europe (eur3 multi-region)
• Compliance: certified ISO 27001, SOC 2, GDPR

OpenAI (AI photo analysis):

• Location: United States
• Data transmitted: only meal photos (without user identifier)
• Compliance: GDPR-compliant data processing agreement
• Retention policy: images are not retained by OpenAI beyond 30 days

Apple Inc. (payments and distribution):

• Location: United States
• Data transmitted: payment and subscription information
• Compliance: Apple Privacy Policy

No other third party has access to your data. We never sell, rent, or share your personal data with third parties for advertising or commercial purposes.

8. TRANSFERS OUTSIDE THE EUROPEAN UNION

Some of our subprocessors (OpenAI, Apple) are located in the United States.

These transfers are governed by:

• Standard Contractual Clauses (SCC) of the European Commission
• Appropriate certifications of subprocessors
• Additional technical security measures (encryption)

9. YOUR RIGHTS

In accordance with GDPR, you have the following rights regarding your personal data:

Right of access: obtain a copy of all personal data we hold about you.

Right of rectification: correct any inaccurate or incomplete data.

Right to erasure (right to be forgotten): request deletion of all your data.

Right to restriction: request temporary suspension of processing of your data.

Right to portability: receive your data in a structured, machine-readable format.

Right to object: object to the processing of your data for legitimate reasons.

Right to withdraw consent: withdraw your consent at any time for processing that depends on it.

Right to define post-mortem directives: organize the fate of your data after your death.

Right to lodge a complaint: with the CNIL (French Data Protection Authority) - www.cnil.fr.

To exercise these rights:
Email: support.tracemeal@gmail.com
Response time: maximum 30 days

10. SPECIFIC RIGHTS FOR CALIFORNIA RESIDENTS (CCPA)

If you reside in California, you have additional rights under the California Consumer Privacy Act:

Right to know what personal data is collected, used, shared, or sold.
Right to request deletion of your data.
Right to opt-out of the sale of your personal data.
Right to non-discrimination for exercising your rights.

We do not sell any personal data within the meaning of CCPA.

11. DATA SECURITY

We implement the following technical and organizational measures to protect your data:

Technical measures:

• Encryption of data in transit (TLS 1.3)
• Encryption of data at rest (AES-256)
• Multi-factor authentication for system access
• Regular backups and restoration tests
• Continuous monitoring and intrusion detection

Organizational measures:

• Data access limited to authorized persons
• Data protection training
• Secure password policy
• Incident management procedures

In the event of a data breach likely to result in a risk to your rights and freedoms, we commit to inform you within a maximum of 72 hours.

12. COOKIES AND TRACKERS

The Trace Meal Application does not use cookies in the technical sense of the term.

However, we use similar technologies to:

• Maintain your active session
• Remember your preferences
• Analyze Application usage (in an anonymized manner)

You can disable Apple's advertising tracking via:
Settings > Privacy > Tracking > Disable "Allow Apps to Request to Track"

13. PROTECTION OF MINORS

The Trace Meal Application is not intended for minors under 17 years of age.

We do not knowingly collect personal data from minors under 13 years of age. If we discover that such collection has occurred, we will immediately delete this data.

Users aged 13 to 17 must obtain prior authorization from their parents or legal guardians before using the Application.

14. NOTIFICATION OF MODIFICATIONS

We reserve the right to modify this Privacy Policy at any time.

In case of substantial modification, we will inform you by:

• In-app notification
• Email to the address associated with your account
• Update of the "Last updated" date at the top of this policy

Continued use of the Application after the effective date of modifications constitutes acceptance of the new provisions.

15. CONTACT

For any questions regarding this Privacy Policy or your personal data:

Email: support.tracemeal@gmail.com
Postal address: Jeremy Dumesny, 103 Avenue Isola Bella, Rosella Hightower, 06400 Cannes, France

Data Protection Officer (DPO):
Trace Meal is not legally required to designate a DPO. For any request regarding your data, contact: support.tracemeal@gmail.com

Supervisory authority:
Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy
75007 Paris, France
www.cnil.fr